Archives for January 2021

January 17, 2021

EFS Tags Auto Assign Backup Tags

Here’s a script that scans all EFS systems in several AWS accounts and regions and randomly assigns backup tags to EFS systems that are missing backup tags. This is assuming EFS is using AWS Backup service using tags to apply backup policies. If there are no backup tags, an EFS gets assigned a randomly picked backup policy.

#!/bin/bash
# log file
output="test.log"
tmpfil="temp.txt"
# empty file
> $output
# set random array
arr[0]="efs-0000"
arr[1]="efs-0400"
arr[2]="efs-0800"
arr[3]="efs-1200"
arr[4]="efs-1600"
arr[5]="efs-2000"
rand=$[ $RANDOM %6 ]
backup=${arr[$rand]}
# set accounts and regions
declare -a account=("default" "one" "two" "three" "four" "five")
declare -a region=("us-east-1" "us-east-2" "us-west-1" "us-west-2")
for i in "${account[@]}"; do
  echo "===================" >> $output
  echo $i >> $output
  echo "===================" >> $output
  for j in "${region[@]}"; do
    echo $j >> $output
        aws efs describe-file-systems \
        --query "FileSystems[*].[FileSystemId,Tags[?Key=='aws-backup']|[0].Value]" \
        --profile $i \
        --region $j \
        --output text > $tmpfil
        while read -r id tag; do
      if [[ $tag == "" ]]; then
        aws efs tag-resource \
        --resource-id $id \
        --tags Key="aws-backup",Value=${arr[$rand]} \
        --profile $i \
        --region $j >> $output
        echo "Added backup tag $backup to $id" >> $output
      elif [[ $tag == "no-backup" ]]; then
        echo "Backup tag is already set to no-backup on $id." >> $output
      else
        echo "No backup tag changes applied to $id." >> $output
      fi
    done < $tmpfil
  done
done
rm $tmpfil

January 16, 2021

AWS CLI Contains

The AWS CLI has a not so well-known comparison operator called “contains” which can be used to filter or query the output of your results. In this example, we want to show only instances that were not terminated.

Here’s a query containing “?!contains().”

aws ec2 describe-instances \
--query 'Reservations[*].Instances[?!contains(State.Name, `terminated`)].{Instance:InstanceId}'
--output text

January 16, 2021

Setup Log Rotation

Logrotation is available in most Linux distros. If they are missing, you can easily install them. The logrotation main configuration file is located in /etc/logrotate.conf which is the default setting. The config file contains an include statement that pulls in other log configurations located in the /etc/logrotate.d/ directory. When setting up a log rotation, it’s best to add your log rotation configuration in this directory.

Here’s a simple configuration in a file called webmon.

/home/ubuntu/webmon.log {
        daily
        create 0640 ubuntu ubuntu
        dateext
        rotate 7
	nocompress
}

The options above does the following:

The logs are rotated daily.
The logs are rotated 7 times with no compression.
The rotate log files will have dates appended to them.
The log files are owned user ubuntu with permission of 0640.

There are more options from the logrotate man pages which can be added.